From: Patrick McHardy <kaber@trash.net>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: KOVACS Krisztian <hidden@balabit.hu>,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
Balazs Scheidler <bazsi@balabit.hu>,
David Miller <davem@davemloft.net>
Subject: Re: [PATCH v2 1/9] tproxy: split off ipv6 defragmentation to a separate module
Date: Mon, 25 Oct 2010 22:42:48 +0200 [thread overview]
Message-ID: <4CC5EBC8.9000701@trash.net> (raw)
In-Reply-To: <1288001640.2826.96.camel@edumazet-laptop>
Am 25.10.2010 12:14, schrieb Eric Dumazet:
> Le lundi 25 octobre 2010 à 11:38 +0200, KOVACS Krisztian a écrit :
>> Hi,
>>
>> On Fri, 2010-10-22 at 00:19 +0200, Eric Dumazet wrote:
>>> Le jeudi 21 octobre 2010 à 16:04 +0200, Patrick McHardy a écrit :
>>>> Am 21.10.2010 13:43, schrieb KOVACS Krisztian:
>>>>> tproxy: split off ipv6 defragmentation to a separate module
>>>>>
>>>>> Like with IPv4, TProxy needs IPv6 defragmentation but does not
>>>>> require connection tracking. Since defragmentation was coupled
>>>>> with conntrack, I split off the two, creating an nf_defrag_ipv6 module,
>>>>> similar to the already existing nf_defrag_ipv4.
>>>>
>>>> Applied, thanks.
>>>
>>> Hmm...
>>>
>>> CONFIG_IPV6=m
>>> CONFIG_NETFILTER_TPROXY=m
>>>
>>>
>>> MODPOST 201 modules
>>> ERROR: "nf_defrag_ipv6_enable" [net/netfilter/xt_TPROXY.ko] undefined!
>>> ERROR: "ipv6_find_hdr" [net/netfilter/xt_TPROXY.ko] undefined!
>>>
>>> Sorry, it's late here, I wont fix this ;)
>>
>> Oops, I guess this is because you do have IPv6 support but don't have
>> ip6tables enabled in your config. Does the patch below fix the issue for
>> you? (For me it now compiles with and without IPv6 conntrack, ip6tables
>> and IPv6 support, too.)
>>
>>
>
> I had ip6tables enabled, but not CONFIG_NF_CONNTRACK_IPV6 ;)
>
>>
>> netfilter: fix module dependency issues with IPv6 defragmentation, ip6tables and xt_TPROXY
>>
>> One of the previous tproxy related patches split IPv6 defragmentation and
>> connection tracking, but did not correctly add Kconfig stanzas to handle the
>> new dependencies correctly. This patch fixes that by making the config options
>> mirror the setup we have for IPv4: a distinct config option for defragmentation
>> that is automatically selected by both connection tracking and
>> xt_TPROXY/xt_socket.
>>
>> The patch also changes the #ifdefs enclosing IPv6 specific code in xt_socket
>> and xt_TPROXY: we only compile these in case we have ip6tables support enabled.
>>
>> Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
>
> Reported-and-tested-by: Eric Dumazet <eric.dumazet@gmail.com>
Dave, please apply directly. Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-10-25 20:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-21 10:47 [PATCH v2 0/9] tproxy: add IPv6 support KOVACS Krisztian
2010-10-21 10:47 ` [PATCH v2 7/9] tproxy: added IPv6 support to the TPROXY target KOVACS Krisztian
2010-10-21 14:17 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 2/9] tproxy: added const specifiers to udp lookup functions KOVACS Krisztian
2010-10-21 14:05 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 3/9] tproxy: added udp6_lib_lookup function KOVACS Krisztian
2010-10-21 14:06 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 5/9] tproxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled KOVACS Krisztian
2010-10-21 14:11 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 1/9] tproxy: split off ipv6 defragmentation to a separate module KOVACS Krisztian
2010-10-21 11:30 ` Patrick McHardy
2010-10-21 11:43 ` KOVACS Krisztian
2010-10-21 14:04 ` Patrick McHardy
2010-10-21 22:19 ` Eric Dumazet
2010-10-25 9:38 ` KOVACS Krisztian
2010-10-25 10:14 ` Eric Dumazet
2010-10-25 20:42 ` Patrick McHardy [this message]
2010-10-25 20:54 ` David Miller
2010-10-21 10:47 ` [PATCH v2 4/9] tproxy: added tproxy sockopt interface in the IPV6 layer KOVACS Krisztian
2010-10-21 14:09 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 6/9] tproxy: added IPv6 socket lookup function to nf_tproxy_core KOVACS Krisztian
2010-10-21 14:12 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 8/9] tproxy: added IPv6 support to the socket match KOVACS Krisztian
2010-10-21 14:20 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 9/9] tproxy: use the interface primary IP address as a default value for --on-ip KOVACS Krisztian
2010-10-21 14:21 ` Patrick McHardy
2010-10-21 14:26 ` Amos Jeffries
2010-10-21 14:48 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CC5EBC8.9000701@trash.net \
--to=kaber@trash.net \
--cc=bazsi@balabit.hu \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=hidden@balabit.hu \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).